medium
5.5
CWE
416 476
Advisory Published
Updated

CVE-2024-47712: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF field of the `ies` structure is accessed after the RCU read-side critical section is unlocked. According to RCU usage rules, this is illegal. Reusing this pointer can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues. This possible bug was identified using a static analysis tool developed by myself, specifically designed to detect RCU-related issues. To address this, the TSF value is now stored in a local variable `ies_tsf` before the RCU lock is released. The `param->tsf_lo` field is then assigned using this local variable, ensuring that the TSF value is safely accessed.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.4.273<5.5
Linux Kernel>=5.10.214<5.10.227
Linux Kernel>=5.15.153<5.15.168
Linux Kernel>=6.1.83<6.1.113
Linux Kernel>=6.6.23<6.6.54
Linux Kernel>=6.7.11<6.8
Linux Kernel>=6.8.2<6.9
Linux Kernel>6.9<6.10.13
Linux Kernel>=6.11<6.11.2
debian/linux<=5.10.223-1<=5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.15-1
debian/linux-6.1
6.1.119-1~deb11u1

Remedy

https://git.kernel.org/stable/c/2f944e6255c2fc1c9bd9ee32f6b14ee0b2a51eb5

Remedy

https://git.kernel.org/stable/c/557418e1704605a81c9e26732449f71b1d40ba1e

Remedy

https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8

Remedy

https://git.kernel.org/stable/c/79510414a7626317f13cc9073244ab7a8deb3192

Remedy

https://git.kernel.org/stable/c/84398204c5df5aaf89453056cf0647cda9664d2b

Remedy

https://git.kernel.org/stable/c/b040b71d99ee5e17bb7a743dc01cbfcae8908ce1

Remedy

https://git.kernel.org/stable/c/bf090f4fe935294361eabd9dc5a949fdd77d3d1b

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-47712?

    CVE-2024-47712 is classified as a medium-severity vulnerability in the Linux kernel.

  • How do I fix CVE-2024-47712?

    To fix CVE-2024-47712, update your Linux kernel to a version that is not affected, such as 6.1.123-1 or a later version.

  • Which Linux kernel versions are affected by CVE-2024-47712?

    CVE-2024-47712 affects various Linux kernel versions including those between 5.4.273 to 6.9 and certain ranges within those.

  • What is the impact of CVE-2024-47712?

    The impact of CVE-2024-47712 may include potential exploitation through an RCU dereference issue in the wilc_parse_join_bss_param function.

  • How can I verify if my system is vulnerable to CVE-2024-47712?

    You can verify if your system is vulnerable to CVE-2024-47712 by checking the kernel version against the affected version ranges.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203